Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Rhpam: privilege escalation via excessive /etc/passwd permissions
Vulnerability Description
A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
缺省权限不正确
Vulnerability Title
Red Hat Process Automation Manager 安全漏洞
Vulnerability Description
Red Hat Process Automation Manager是美国红帽(Red Hat)公司的一款流程自动化管理器。该产品支持业务流程管理、业务规则管理、业务资源优化和复杂事件处理等功能。 Red Hat Process Automation Manager存在安全漏洞,该漏洞源于构建过程中/etc/passwd文件被设置为组可写权限,可能导致攻击者在容器内获得完整root权限。
CVSS Information
N/A
Vulnerability Type
N/A